DEBIAN-CVE-2023-22458

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2023-22458

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-22458.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-22458

Upstream

CVE-2023-22458

Published

2023-01-20T19:15:17Z

Modified

2025-09-25T03:27:27.684210Z

Summary

[none]

Details

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://security-tracker.debian.org/tracker/CVE-2023-22458

Affected packages

Debian:12 / redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:7.0.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:7.0.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / redis

Package

Name: redis
Purl: pkg:deb/debian/redis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:7.0.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}